LinuxQuestions.org


packets 08-17-2010 10:04 PM

file integrity check
 
I need to monitor a file if it's being modified and if yes, I need to execute a script. Would anyone recommend any tools besides tripwire that are capable of doing this? If there are simple commands or linux commands other than installing third party software, please let me know. Otherwise, I'll try to install open source software that you would recommend.

sag47 08-18-2010 12:05 AM

Create a script which calculates the md5sum of the file initially.

After that use md5sum to check if the file has changed in an infinite loop with the script waiting for a given time interval.

Give the script some sort of stop mechanism.

Start attempting to write a script to do that. If you get stuck then post what you have and we users can help you make it work or to refine it to work better.

SAM

packets 08-18-2010 12:09 AM

@sag47

Yes. Currently making a script right now using md5sum and will just compare the output.

Just wondering if there are already tools available on the net that I haven't stumbled on yet.

I'm checking afick but it seems it was for generating reports only.

anomie 08-18-2010 06:09 PM

If by "being modified" you mean you are concerned with changes in content, ownership, permissions, inode, et al., then you might consider a very simple configuration of a HIDS like aide.

If all you really care about is content, then a cryptographic hash is perfect. Initialize it once, and check it regularly with a cronjob. Be sure to check out openssl's dgst(1). Recent implementations should support sha512.
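
The approach from sag47's and anomie's replies (record a hash once, re-check it on a schedule, run a script on mismatch), written as a shell script; this is an added example, not code posted by anyone in the thread. The paths in the comments, the function names and the hook calling convention (`sh HOOK FILE DIGEST`) are assumptions, and it falls back to coreutils `sha512sum` when `openssl` is not installed.

```shell
#!/bin/sh
# Added example. All paths below are constructed placeholders.
# Cron usage (every 5 minutes), after running "init" once:
#   */5 * * * * /usr/local/sbin/fic.sh check /etc/ssh/sshd_config /var/lib/fic/sshd_config.sha512 /usr/local/sbin/on-change.sh
# Keep the baseline and the hook where only root can write: whoever can
# rewrite the baseline can hide a change to the monitored file.

# Print the hex SHA-512 of FILE; fail if it cannot be read.
file_digest() {
    [ -r "$1" ] || return 1
    if command -v openssl >/dev/null 2>&1; then
        out=$(openssl dgst -sha512 -r < "$1") || return 1
    else
        out=$(sha512sum < "$1") || return 1   # coreutils fallback
    fi
    printf '%s\n' "${out%% *}"                # drop the trailing " *stdin" or "  -"
}

# init_baseline FILE BASELINE: record the known-good digest once.
init_baseline() {
    digest=$(file_digest "$1") || return 1
    printf '%s\n' "$digest" > "$2"
}

# check_file FILE BASELINE HOOK
# Returns 0 if unchanged, 1 if changed or missing (HOOK is run),
# 2 if the baseline cannot be read or is empty.
check_file() {
    expected=$(cat "$2" 2>/dev/null) || return 2
    [ -n "$expected" ] || return 2
    current=$(file_digest "$1") || current=MISSING
    [ "$current" = "$expected" ] && return 0
    # The baseline is deliberately not updated here, so the hook fires on
    # every run until someone reviews the change and re-runs "init".
    sh "$3" "$1" "$current"
    return 1
}

# Command-line entry point; with no arguments the functions are only defined.
case "${1:-}" in
    init)  init_baseline "$2" "$3" ;;
    check) check_file "$2" "$3" "$4" ;;
esac
```
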

estabroo 08-18-2010 09:11 PM

If you know a bit of C, you can use the inotify routines to actively tell you when the file(s) get modified.


All times are GMT -5.